Applies to:

Oracle Commerce Cloud Service - Version N/A and later

Information in this document applies to any platform.

Goal

In order to be compliant with security best practices and to offer a better user experience the following enhancement regarding customer password reset is requested:

1) User requests a password reset by submitting their username (email) to the application.
2) A password reset token is created and saved to database. Token is set to expire after 72 hours.
3) Email is dispatched with a link containing the token embedded.
4) Token is evaluated.

a. If token is valid: User is prompted for a new password and a field to confirm password.
b. If passwords match and meet password requirements: Set user's password and delete token from database.
c. If passwords don't match or do not meet password requirements: Prompt to re-enter password, with an error message giving details about why the password wasn't valid.
d. If token is not valid: User is presented an error message and given the option to provide a username to start the user password reset (step 1).
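
The flow in steps 1 to 4d, sketched in Python as an added example; it is not Oracle Commerce Cloud code. The in-memory `ResetStore`, the 12-character minimum, storing only a SHA-256 digest of the token, and the PBKDF2 password hash are assumptions made for the illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 72 * 3600   # expiry from step 2
MIN_LENGTH = 12                 # placeholder policy; the page does not define the requirements


def _digest(token):
    # Assumption: only a hash of the token is stored, so a database leak
    # does not expose usable reset links.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    """In-memory stand-in for the token and user tables (hypothetical)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.tokens = {}      # token digest -> (username, expires_at)
        self.passwords = {}   # username -> (salt, PBKDF2 hash)

    def request_reset(self, username):
        """Steps 1-3: create and save the token; the return value goes in the emailed link."""
        token = secrets.token_urlsafe(32)
        self.tokens[_digest(token)] = (username, self.clock() + TOKEN_TTL_SECONDS)
        return token

    def complete_reset(self, token, password, confirm):
        """Step 4: evaluate the token, then the submitted passwords."""
        key = _digest(token)
        entry = self.tokens.get(key)
        if entry is None or self.clock() >= entry[1]:
            self.tokens.pop(key, None)          # drop an expired token
            return "invalid_token"              # 4d: restart from step 1
        if password != confirm:
            return "mismatch"                   # 4c: token kept for the retry
        if len(password) < MIN_LENGTH:
            return "too_short"                  # 4c: say why it was rejected
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
        self.passwords[entry[0]] = (salt, pw_hash)
        del self.tokens[key]                    # 4b: token is single-use
        return "ok"
```

Passing a fake `clock` lets the 72-hour expiry be exercised without waiting.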